package com.cskaoyan.config;

import com.cskaoyan.bean.systembean.Permission;
import com.cskaoyan.mapper.systemmapper.PermissionMapper;
import com.cskaoyan.realm.AdminRealm;
import com.cskaoyan.realm.CustomRealm;
import com.cskaoyan.realm.WxRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.LinkedHashMap;

@Configuration
public class ShiroConfig {
    @Autowired
    PermissionMapper permissionMapper;
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManagerz){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        //认证失败后重定向的url
        shiroFilterFactoryBean.setLoginUrl("/unAuthc");
//        shiroFilterFactoryBean.setLoginUrl("/#/login");
        shiroFilterFactoryBean.setSecurityManager(securityManagerz);
        //最重要的事情
        //对请求过滤 filter
        //key 请求url value对应的是过滤器
        LinkedHashMap<String, String> filterMap = new LinkedHashMap<>();
        //login(username,password) success
        //失败则重新登录
        filterMap.put("/admin/auth/login","anon");
        filterMap.put("/wx/auth/login","anon");
        filterMap.put("/wx/goods/*","anon");
        filterMap.put("/wx/cart/goodscount","anon");
        filterMap.put("/wx/home/**","anon");
        filterMap.put("/wx/brand/**","anon");
        filterMap.put("/wx/catalog/**","anon");
        filterMap.put("/wx/search/**","anon");
        filterMap.put("/wx/topic/**","anon");
        filterMap.put("/wx/storage/upload","anon");
        filterMap.put("/wx/auth/regCaptcha","anon");
        filterMap.put("/wx/auth/register","anon");
        filterMap.put("/wx/auth/reset","anon");
        filterMap.put("/wx/comment/**","anon");
//        filterMap.put("/wx/coupon/receive","anon");
        filterMap.put("/wx/**","authc");
//        filterMap.put("/unAuthc","anon");
//        filterMap.put("/index","anon");
 //当你分配了perm1的权限时才能访问need/perm这请求
 //filterMap.put("/need/perm","perms[perm1]");
//        filterMap.put("/admin/region/list","perms");
//        filterMap.put("/admin/brand/*","perms[perm1]");
//        filterMap.put("/admin/category/*","");
//        filterMap.put("admin/order/*","");
//        filterMap.put("admin/issue/*","");
//        filterMap.put("admin/keyword/*","");
        //优选的方式是声明式
        //filterMap.put("/auth/logout","logout");
        filterMap.put("/**","authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);

        return shiroFilterFactoryBean;
    }
    //shiro核心组件 SecurityManager

    @Bean
    public DefaultWebSecurityManager securityManagerz(AdminRealm adminRealm,WxRealm wxRealm,
                                                      DefaultWebSessionManager webSessionManager,
                                                      CustomAuthenticator authenticator){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setSessionManager(webSessionManager);
        defaultWebSecurityManager.setAuthenticator(authenticator);
        ArrayList<Realm> realms = new ArrayList<>();
        realms.add(adminRealm);
        realms.add(wxRealm);
        defaultWebSecurityManager.setRealms(realms);

        return defaultWebSecurityManager;
    }

    /*
    * 声明式鉴权 注解需要的组件
    * */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManagerz){
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManagerz);
        return authorizationAttributeSourceAdvisor;
    }

    /*使用映射处理异常：key为异常全类名 value为异常处理的请求*/
    /*@Bean
    public SimpleMappingExceptionResolver simpleMappingExceptionResolver(){
        SimpleMappingExceptionResolver simpleMappingExceptionResolver = new SimpleMappingExceptionResolver();
        Properties mappings = new Properties();
        mappings.put("org.apache.shiro.authz.AuthorizationException","/noperm");
        simpleMappingExceptionResolver.setExceptionMappings(mappings);
        return simpleMappingExceptionResolver;
    }*/

    @Bean
    public DefaultWebSessionManager webSessionManager(){
        CustomSessionManager customSessionManager = new CustomSessionManager();
//        默认30分钟 30*60*1000
        customSessionManager.setGlobalSessionTimeout(25*60*1000);
        return customSessionManager;
    }

    @Bean
    public CustomAuthenticator authenticator(AdminRealm adminRealm, WxRealm wxRealm){
        CustomAuthenticator customAuthenticator = new CustomAuthenticator();
        ArrayList<Realm> realms = new ArrayList<>();
        realms.add(adminRealm);
        realms.add(wxRealm);
        customAuthenticator.setRealms(realms);
        return customAuthenticator;
    }

}
